[debops.slapd] Tweak default ACL test conditions

Some of the ACL test cases expect LDAP objects that are created at a different time than the OpenLDAP server installation and configuration, for example 'ou=People,dc=example,dc=org'. In this case, these tests need to be conditional to make sure that the users created the needed LDAP objects, otherwise Ansible playbook execution during initialization of the OpenLDAP server will fail.
debops · Nov 8, 2019 · c628cb5 · c628cb5
1 parent 0e4ba3e
commit c628cb5
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/ansible/roles/debops.slapd/defaults/main.yml b/ansible/roles/debops.slapd/defaults/main.yml
@@ -986,6 +986,10 @@ slapd__slapacl_default_tests:
       - name: 'children'
         result: 'children: none(=0)'
 
+    state: '{{ "present"
+               if (slapd__slapacl_admin_person_rdn != "uid=admin-user")
+               else "init" }}'
+
   - name: 'Deny write access to ou=People by unprivileged users'
     dn: 'ou=People,{{ slapd__basedn }}'
     authdn: '{{ slapd__slapacl_regular_person_rdn }},ou=People,{{ slapd__basedn }}'